Okta

Documentation Index

Fetch the complete documentation index at: https://docs.pads4.com/llms.txt

Use this file to discover all available pages before exploring further.

The user provisioning is the process of automatically creating, updating, and removing users accounts. It ensures that the users get the right access when they join, change roles, or leave the organization. To enable user provisioning, our system uses SCIM standard which provides a consistent and automated way to create, update, and deactivate users. In order to setup the user provisioning, you will have to create an identity provider following the SSO configuration instructions in this document, enable the SCIM option on it and then setup the SCIM configuration on the external identity provider.

​

1. Enable SCIM on PADS4 identity provider

While you are configuring your PADS4 identity provider, you have the possibility to enable a SCIM Provisioning option. To enable it, while creating the identity provider :

• Click on “SCIM Provisioning” step
• Click “Enable SCIM Provisioning”

Once you enabled it, please keep the following data:

• SCIM URL
• SCIM Access Token

Those values will be reused later while configuring the SCIM Provisioning on the external identity provider side. On Okta, the user provisioning feature can be enabled on the same application you did previously created for the SSO.

​

Create the provisioning configuration

• Open the application you created previously for the SSO Configuration

• Click on the “General” tab and then click on the “Edit” button from the “App settings” panel
• Check the “SCIM” option on the “Provisioning” field
• Click “Save”

Once the option is saved, a new “Provisioning” tab should be available at the top.

• Click on the “Provisioning” tab
• Click on the “Edit” button and enter the following information :
  • SCIM Connector URL – Here you will need to fill in the url that was given on the PADS4 identity provider as “SCIM URL” (e.g. https://pads4.mycompany.com /rdx/nds.services.user.scim/api/v1/scim)
  • Unique identifier field for users – This will defined the unique identifier that will be the reference between Okta and PADS4. Default is “username”
  • Supported provisioning actions – Click on the following actions
    • Push new users
    • Push profile updates
    • Push groups
  • Authentication Mode – Select “HTTP Header”
  • HTTP Header
    • Authorization – Here you will need to fill in the token that was given on the PADS4 identity provider as “SCIM Access token”

• Then click on “Test Connector Configuration” to ensure the configuration is ok

• If the test is ok, then click on the “Save” button to apply this configuration

Once you saved the integration configuration, new left tabs should be available

• Click on the “To App” tab and click on the “Edit” button on the “Provisioning to App” section
• Check “Enable” checkboxes for the following sections:
  • Create users
  • Update user attributes
  • Deactivate users
• Click on the “Save” button to apply the changes

​

Configure user & group mapping

The user & group mapping are already configured by default when the application is created but you can just ensure you at least have the following attributes mapped on your application:

• (Optional) Add optional attributes

You can also add some optional attributes that are defined by PADS4 To use them, you will have to click on “Add New Mapping” again for each of those attributes and setup those. Currently, the optional attributes available are:

​

Assign allowed group to access the application

On Okta, you will have to define which group members will be synchronized with the application. This is configured the same way as the Single Sign-on configuration and the user groups already defined for the SSO will already be applied to this configuration. If you need to extend this user group list, please follow those instructions in the respective SSO article at part: Assign user groups to the application